# docker registry v2 API 的理解与一些验证
docker registry v2 API 的理解与一些验证
文章目录
- docker registry v2 API 的理解与一些验证
-
- 1 API methods and URIs :
- 2 HEAD
- 3 不同header及无header时的区别验证
-
- 3.1 结果一
- 3.2 结果二
- 4 常用url与目录
- 5 最后
API官方文档:https://docs.docker.com/registry/spec/api/
API官方文档翻译:https://docs.docker.com.zh.xy2401.com/registry/spec/api/
1 API methods and URIs :
| Method | Path | Entity | Description |
|---|---|---|---|
| GET | /v2/ |
Base | Check that the endpoint implements Docker Registry API V2. |
| GET | /v2/ |
Tags | Fetch the tags under the repository identified by name.某仓库下的tag列表 |
| GET | /v2/ |
Manifest | Fetch the manifest identified by name and reference where reference 可以是镜像 tag 或 digest(要用header里的digest). A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data.获取某仓库某tag信息清单,带上请求header,可以获得指定信息 |
| PUT | /v2/ |
Manifest | Put the manifest identified by name and reference where reference can be a tag or digest. |
| DELETE | /v2/ |
Manifest | Delete the manifest identified by name and reference. Note that a manifest can only be deleted by digest.(要用header里的镜像digest) |
| GET | /v2/ |
Blob | Retrieve the blob from the registry identified by digest. A HEAD request can also be issued to this endpoint to obtain resource information without receiving all data. |
| DELETE | /v2/ |
Blob | Delete the blob identified by name and digest(要用config–>digest) |
| POST | /v2/ |
Initiate Blob Upload | Initiate a resumable blob upload. If successful, an upload location will be provided to complete the upload. Optionally, if the digest parameter is present, the request body will be used to complete the upload in a single request. |
| GET | /v2/ |
Blob Upload | Retrieve status of upload identified by uuid. The primary purpose of this endpoint is to resolve the current status of a resumable upload. |
| PATCH | /v2/ |
Blob Upload | Upload a chunk of data for the specified upload. |
| PUT | /v2/ |
Blob Upload | Complete the upload specified by uuid, optionally appending the body as the final chunk. |
| DELETE | /v2/ |
Blob Upload | Cancel outstanding upload processes, releasing associated resources. If this is not called, the unfinished uploads will eventually timeout. |
| GET | /v2/_catalog |
Catalog | Retrieve a sorted, json list of repositories available in the registry.仓库列表 |
说明:
目录manifests:是镜像目录或索引。
目录blobs:是镜像实体。
2 HEAD
英文:https://docs.docker.com/registry/spec/manifest-v2-2/
翻译:https://docs.docker.com.zh.xy2401.com/registry/spec/manifest-v2-2/
application/vnd.docker.distribution.manifest.v1+json:schema1(现有清单格式)application/vnd.docker.distribution.manifest.v2+json:新的图像清单格式(schemaVersion = 2)application/vnd.docker.distribution.manifest.list.v2+json:清单列表,又称“胖清单”application/vnd.docker.container.image.v1+json:容器配置JSONapplication/vnd.docker.image.rootfs.diff.tar.gzip:“图层”,作为压缩的tarapplication/vnd.docker.image.rootfs.foreign.diff.tar.gzip:“图层”,作为永远不应被推送的压缩后的tarapplication/vnd.docker.plugin.v1+json:插件配置JSON
实践总结:
application/vnd.docker.distribution.manifest.v2+json:新的图像清单格式(schemaVersion = 2)- 只有他是schemaVersion=2,其他全是1,也只有带这个header输出结果不一样,带其他header或不带header结果都一样
3 不同header及无header时的区别验证
3.1 结果一
# 新的图像清单格式(schemaVersion = 2)
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
60
# 内容输出
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' https://docker-repo:5000/v2/ufipf/gc-apply-service/manifests/2023.04.18.084456
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 5162,
"digest": "sha256:2b8e71e7c99caef05cd72d948e161fa56ce5425ce7427af5a49913f08874e9dd" #--是blob digest,前12位是镜像ID,curl -v可输出镜像digest
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 28567101,
"digest": "sha256:7b1a6ab2e44dbac178598dabe7cff59bd67233dba0b27e4fbd1f9d4b3c877a54"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 88117163,
"digest": "sha256:53c7dc4a9ac0223c923d31eed20d2d62837363b73434429ea8d627763d3fe263"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 49649255,
"digest": "sha256:2bedc44fe3bdae9c9c8c550124d4804bba3be27107310b146933355364c8c735"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 177,
"digest": "sha256:c91d35002add2410e53530a49e805fe15dd82b5c3dd46442f0e3cd45c201305b"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 107225654,
"digest": "sha256:3756da984ea66407ac1a5bbb0fabeec09680bd0832c210e1505fc344ce235b3d"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 4370,
"digest": "sha256:1adb283c50915c2f712e5c8a71979ca1cb84ee8218cf580af18457edb825b2a0"
}
]
}
3.2 结果二
以下所有结果全是一样的,不论是不加header,还是加如下header(等于是header加了个寂寞),内容太长,用wc处理了下
# 无header
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
# schema1(现有清单格式)
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.distribution.manifest.v1+json' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
# 清单列表,又称“胖清单”
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
# 容器配置JSON
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.container.image.v1+json' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
# “图层”,作为压缩的tar
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.image.rootfs.diff.tar.gzip' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
# “图层”,作为永远不应被推送的压缩后的tar
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.image.rootfs.foreign.diff.tar.gzip' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
# 插件配置JSON
curl -s -v -X GET -u ${DOCKER_REPO_USER}:${DOCKER_REPO_PASSWORD} -H 'Accept: application/vnd.docker.plugin.v1+json' https://${DOCKER_REPO}/v2/${DOCKER_REPO_USER}/gc-agent-service/manifests/2022.07.07.094332 | wc -l
139
结论:用【结果二】方式感觉没啥用,用【结果一】方式就够了
4 常用url与目录
# 常用url
https://仓库站点/v2/_catalog
https://仓库站点/v2/【仓库(中间可以包含多个/)】/tags/list
https://仓库站点/v2/【仓库(中间可以包含多个/)】/manifests/【tag|header-->digest】 #-- 删除时,必须用【header-->digest】
https://仓库站点/v2/【仓库(中间可以包含多个/)】/blobs/【config-->digest】
# 几个关键目录
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll /srv/docker/docker_registry/data/docker/registry/v2/repositories/ufipf/gclife-apply-service/
总用量 0
drwxr-xr-x. 3 root root 20 9月 19 2018 _layers
drwxr-xr-x. 4 root root 35 9月 19 2018 _manifests
drwxr-xr-x. 2 root root 6 5月 5 15:51 _uploads
[root@v-192-168-11-79-nexus-dockerreg docker_registry]#
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll /srv/docker/docker_registry/data/docker/registry/v2/repositories/ufipf/gclife-apply-service/_manifests/
总用量 0
drwxr-xr-x. 3 root root 20 9月 19 2018 revisions
drwxr-xr-x. 7 root root 120 5月 5 16:04 tags
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll /srv/docker/docker_registry/data/docker/registry/v2/repositories/ufipf/gclife-apply-service/_layers/
总用量 12
drwxr-xr-x. 23 root root 8192 5月 5 15:51 sha256
[root@v-192-168-11-79-nexus-dockerreg docker_registry]# ll /srv/docker/docker_registry/data/docker/registry/v2/blobs/
总用量 12
drwxr-xr-x. 258 root root 8192 9月 15 2018 sha256
5 最后
OK,看完这篇文章,你可能还想看看这篇文章【我实践:用docker registry API 获取清单并删除某仓库某tag镜像:https://blog.csdn.net/zhf_sy/article/details/126558517】
爱你!